Private Information of 50,000 French Healthcare Workers Stolen

Private Information of 50,000 French Healthcare Workers Stolen
French authorities unearthed a glut of stolen credentials on the dark web, apparently belonging to the healthcare workers. The authorities have alerted the healthcare department and advised them to remain vigilant. In recent weeks, threat actors have attacked several French hospitals – including hospitals in Dax and Villefranche-sur-Saone.

The French Ministry of Social Affairs and Health issued an alert this week stating, France Computer Emergency Response Team notified our department regarding the sale of a list of 50,000 user accounts on a cybercriminal platform which includes login/password credentials apparently belonging to French healthcare workers. 

The alert notes that “it is difficult to accurately describe the origin of this leak, but the impact that the use of login/agent password couples can have on the security of institutions’ information systems is more easily valuable. That includes attempts to connect to remote means of access, such as Outlook web access and VPN. Once the connection is successful, attackers can use all the resources allocated to the compromised account to break into the information system.”

The French health ministry also admitted that several healthcare facilities in the nation have been attacked by malware involving Emotet, TrickBot, and Ryuk and while explaining the same, it said that “particular attention should be paid to this because these three malwares are used in complex chains of attacks that have a strong impact on the activity of victims. Scan campaigns from the infrastructure of the TA505 (Clop ransomware activity cluster) and UNC1878 (Ryuk ransomware activity cluster) targeting health facilities were also reported.”

Mutuelle Nationale des Hospitaliers (MNH), the latest victim of a ransomware attack stated, “we spotted an intrusion into our data s ..